UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MEM server and client must encrypt all data using a FIPS 140-2 validated cryptographic module.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32790 WIR-WMS-MEM-09 SV-43136r1_rule ECCT-1 Medium
Description
FIPS 140-2 validated encryption is the DoD standard for unclassified data encryption. When non-FIPS validated encryption modules are used (other than Type 1) the required level of trust that sensitive DoD data cannot be compromised is not available.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-01-17

Details

Check Text ( C-41123r3_chk )
Verify the MEM client encrypts all data using a FIPS 140-2 validated cryptographic module. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Vendor must provide valid NIST FIPS Certificate for the cryptographic module utilized.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36671r2_fix)
Use a MEM product that encrypts all email using a FIPS 140-2 validated cryptographic module.